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WHAT IS CLAIMED IS: 

1. A method of forming a virtual private network within 
a mesh network of nodes, the virtual private network 
including member nodes selected from the network of 
nodes, the method comprising the steps of: 

(a) distributing a membership message to the member 
nodes, said membership message including a VPN 
identifier; 

(b) at each member node, determining a topology for 
the virtual private network, wherein for each of 
the member nodes said topology identifies at least 
one adjacent member node; and 

(c) creating label switched paths between the 
member nodes and their adjacent member nodes, 
thereby establishing the virtual private network 
having said topology. 

2. The method claimed in claim 1, wherein said step of 
creating label switched paths includes sending 
MPLS/GMPLS set-up control messaging. 

3. The method claimed in claim 1, wherein said topology 
is a ring and wherein said step of creating label 
switched paths establishes a closed- loop sequence of 
label switched path. 

4. The method claimed in claim 3, wherein said 
membership message includes relative position 
information, said relative position information 
specifying the position of the member node on said 
ring relative to the other member nodes - 

5. The method claimed in claim 4, wherein said relative 
position information includes a sortable value, and 
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wherein said step of determining said topology 
includes sorting said relative position information. 

6. The method claimed in claim 5, wherein said relative 
position information includes an ordinal, and 
wherein said step of determining topology includes 
identifying two adjacent member nodes as the member 
node having the next highest ordinal and the member 
node having the next lowest ordinal . 

7. The method claimed in claim 3, further including a 
step of adding a new member node, two of the member 
nodes being neighbour member nodes to said new 
member node on said ring, wherein said step of 
adding a new member node includes creating label 
switched path segments between said new member node 
and each of said neighbour member nodes before 
dropping a label switched path segment between said 
neighbour member nodes . 

8- The method claimed in claim 3, further including a 
step of removing a selected member node, two of the 
member nodes being neighbour member nodes to said 
selected member node on said ring, wherein said step 
of removing includes creating a label switched path 
segment between said neighbour member nodes before 
dropping label switched paths between said selected 
node and each of said neighbour member nodes. 

9. The method claimed in claim 1, further including a 
step of populating a forwarding table at the member 
nodes . 

10. The method claimed in claim 1, further including a 
step of providing a signalling protocol on said 
label switched paths having a multi -level label 
stack. 
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11. The method claimed in claim 10, wherein said multi- 
level label stack includes a first layer label 
identifying a tunnel label and a second layer label 
identifying an egress member node label. 

12. The method claimed in claim 11, wherein said multi- 
level label stack further includes a third layer 
label providing a network differentiator. 

13. The method claimed in claim 1, further including a 
step of broadcasting a data packet from one of the 
member nodes to the other member nodes over the 
virtual private network. 

14 . A computer program product having a computer- 
readable medium tangibly embodying computer 
executable instructions for creating a virtual 
private network within a mesh network of nodes, the 
virtual private network including member nodes 
selected from the network of nodes, the computer 
executable instructions comprising: 

(a) computer executable instructions for 
distributing a membership message to the member 
nodes, said membership message including a VPN 
identifier; 

(b) computer executable instructions for 
determining, at each member node, a topology for 
the virtual private network, wherein for each of 
the member nodes said topology identifies at least 
one adjacent member node; and 

(c) computer executable instructions for creating 
label switched paths between the member nodes and 
their adjacent member nodes, thereby establishing 
the virtual private network having said topology. 

15. The computer program product claimed in claim 14, 
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wherein said computer executable instructions for 
creating label switched paths include computer 
executable instructions for sending MPLS/GMPLS set- 
up control messaging . 

16. The computer program product claimed in claim 14, 
wherein said topology is a ring and wherein said 
computer executable instructions for creating label 
switched paths establish a closed- loop sequence of 
label switched paths . 

17. The computer program product claimed in claim 16, 
wherein said membership message includes relative 
position information, said relative position 
information specifying the position of the member 
node on said ring relative to the other member 
nodes . 

18. The computer program product claimed in claim 17, 
wherein said relative position information includes 
a sortable value, and wherein said computer 
executable instructions for determining said 
topology includes computer executable instructions 
for sorting said relative position information. 

19. The computer program product claimed in claim 18, 
wherein said relative position information includes 
an ordinal, and wherein said computer executable 
instructions for determining topology include 
computer executable instructions for identifying two 
adjacent member nodes as the member node having the 
next highest ordinal and the member node having the 
next lowest ordinal . 

20. The computer program product claimed in claim 16, 
further including computer executable instructions 
for adding a new member node, two of the member 
nodes being neighbour member nodes to said new 
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member node on said ring, wherein said computer 
executable instructions for adding a new member node 
include computer executable instructions for 
creating label switched path segments between said 
new member node and each of said neighbour member 
nodes before dropping a label switched path segment 
between said neighbour member nodes . 

21. The computer program product claimed in claim 16, 
further including computer executable instructions 
for removing a selected member node, two of the 
member nodes being neighbour member nodes to said 
selected member node on said ring, wherein said 
computer executable instructions for removing said 
selected member node include computer executable 
instructions for creating a label switched path 
segment between said neighbour member nodes before 
dropping label switched paths between said selected 
node and each of said neighbour member nodes. 

22. The computer program product claimed in claim 14, 
further including computer executable instructions 
for populating a forwarding table at the member 
nodes . 

23. The computer program product claimed in claim 14, 
further including computer executable instructions 
for providing a signalling protocol on said label 
switched paths having a multi- level label stack. 

24. The computer program product claimed in claim 23, 
wherein said multi -level label stack includes a 
first layer label identifying a tunnel label and a 
second layer label identifying an egress member node 
label . 

25. The computer program product claimed in claim 24, 
wherein said multi -level label stack further 
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includes a third layer label providing a network 
differentiator . 

26- The computer program product claimed in claim 14, 
further including computer executable instructions 
for broadcasting a data packet from one of the 
member nodes to the other member nodes over the 
virtual private network. 

27. A system for forming a virtual private network 
within a mesh network of nodes, the virtual private 
network including member nodes selected from the 
network of nodes, the system comprising: 

(a) means for distributing a membership message to 
the member nodes, said membership message 
including a VPN identifier; 

(b) means for determining a topology for the 
virtual private network, wherein for each of the 
member nodes said topology identifies at least 
one adjacent member node; and 

(c) means for creating label switched paths between 
the member nodes and their adjacent member nodes, 
thereby establishing the virtual private network. 

28. The system claimed in claim 27, wherein said means 
for creating label switched paths includes means for 
sending .control messaging based upon a protocol 
selected from the group including MPLS, GMPLS, ASTN, 
OUNI, and PNNI. 

29. The system claimed in claim 27, wherein said 
topology is a ring and wherein said means for 
creating label switched paths establishes a closed- 
loop sequence of label switched paths. 

30. The system claimed in claim 29, wherein said 
membership message includes relative position 
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information, said relative position information 
specifying the position of the member node on said 
ring relative to the other member nodes. 

31. The system claimed in claim 30, wherein said 
relative position information includes a sortable 
value, and wherein said means for determining said 
topology includes means for sorting said relative 
position information - 

32. The system claimed in claim 31, wherein said 
relative position information includes an ordinal, 
and wherein said means for determining a topology 
includes means for identifying two adjacent member 
nodes as the member node having the next highest 
ordinal and the member node having the next lowest 
ordinal . 

33. The system claimed in claim 29, further including 
means for adding a new member node, two of the 
member nodes being neighbour member nodes to said 
new member node on said ring, wherein said means for 
adding a new member node includes means for creating 
label switched path segments between said new member 
node and each of said neighbour member nodes before 
dropping a label switched path segment between said 
neighbour member nodes . 

34. The system claimed in claim 29, further including 
means for removing a selected member node, two of 
the member nodes being neighbour member nodes to 
said selected member node on said ring, wherein said 
means for removing includes means for creating a 
label switched path segment between said neighbour 
member nodes before dropping label switched paths 
between said selected node and each of said 
neighbour member nodes. 



15877ROUS01U 



- 25 - 



35. The system claimed in claim 27, further including a 
means for populating a forwarding table at the 
member nodes. 

36. The system claimed in claim 27, further including 
means for providing a signalling protocol on said 
label switched paths having a multi- level label 
stack. 

37. The system claimed in claim 36, wherein said multi- 
level label stack includes a first layer label 
identifying a tunnel label and a second layer label 
identifying an egress member node label. 

38. The system claimed in claim 37, wherein said multi- 
level label stack further includes a third layer 
label providing a network differentiator. 

39. The system claimed in claim 27, further including 
means for broadcasting a data packet from one of the 
member nodes to the other member nodes over the 
virtual private network. 

40. A system for forming a virtual private network 
within a mesh network of nodes, the system 
comprising: 

member nodes selected from the network of nodes, 
wherein said member nodes receive a membership 
message, said membership message including a VPN 
identifier, and wherein said member nodes include a 
topology module for determining a topology for the 
virtual private network, wherein for each of said 
member nodes said topology identifies at least one 
adjacent member node; and 

label switched paths between said member nodes and 
their adjacent member nodes, wherein said label 
switched paths establish the virtual private 
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network . 

41. The system claimed in claim 40, wherein said 
topology is a ring and wherein said label switched 
paths form a closed- loop sequence of label switched 
paths . 

42. The system claimed in claim 41, wherein said 
membership message includes relative position 
information, said relative position information 
specifying the position of the member node on said 
ring relative to the other member nodes. 

43. The system claimed in claim 42, wherein said 
relative position information includes a sortable 
value, and wherein said topology module includes a 
sorting module for sorting said relative position 
information . 

44. The system claimed in claim 43, wherein said 
relative position information includes an ordinal, 
and wherein said topology module identifies two 
adjacent member nodes as said member node having the 
next highest ordinal and said member node having the 
next lowest ordinal . 

45. The system claimed in claim 40, wherein said member 
nodes include a forwarding table . 

46. The system claimed in claim 40, wherein said label 
switched paths support a signalling protocol having 
a multi- level label stack. 

47- The system claimed in claim 46, wherein said multi- 
level label stack includes a first layer label 
identifying a tunnel label and a second layer label 
identifying an egress member node label . 

48. The system claimed in claim 47, wherein said multi- 
level label stack further includes a third layer 
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label providing a network differentiator. 

49- The system claimed in claim 40, wherein one of said 
member nodes broadcasts a data packet to the other 
said member nodes over the virtual private network. 



